1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

A few SITES keep giving me problems. Help!!!

Discussion in 'Web & Email' started by BigDaveinNJ, Nov 7, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    891
    I have this really strange problem with my PC that keeps happening several times per week.

    There are a handfull of my favorite sites, (GOOGLE, CBS SPORTSLINE, WEB-ATTACK and even TSG FORUMS) that when I try and go to them.... the status bar will flash a few times and then I get the page with cannot find server where they say there may be problems with the site.

    When this happens.... I cannot access these sites even manually by typing in the addy..... It's ONLY these four sites that do this. This happens several times per week.

    Usually, I can fix this by going into CP/add-remove programs/ and choosing the option to REPAIR IE 6. Sometimes I have to repeat the process a few times, but it will fix the prob.

    This is so damn annoying. These 4 sites just happen to be the ones I visit the most, so it's a real pain to me.

    I regularly clean out my temporary internet files, history etc.... and have all the spyware controllers like AD-AWARE, SPYBOT, etc... etc... and use them on a regular basis.

    I have even had a laptop running along with my desktop and all 4 sites load just fine..... so there is no trouble with the sites.

    Any educated guesses as to what may be happening here? Why only these 4 sites, and why can I fix it most of the time by repairing IE6? And... most importantly, how can I fix it PERMANENTLY? because it's driving me nuts to have to fix it all the time.

    Thanks in advance :)

    DAVID

    AMD-K6 500 Mhz, Win98se,IE6 and Netzero is my dial-up ISP.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    891
    OK... here are the results of the HIJACK-THIS scan.......

    Logfile of HijackThis v1.97.2
    Scan saved at 2:35:07 PM, on 11/7/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVES' INTERNET EXPLORER
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKCU\..\Run: [Invisible! 2001] "C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE"
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: FastDNS (HKLM)
    O9 - Extra 'Tools' menuitem: &FastDNS (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://downloads.excite.com/images/nocache/platinum/x8initialsetup1.0.0.2.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.844224537
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

    Please note............

    I have ran this scan in here several times before and made the reccomended changes and it will always help with things like homepage changing, hanging and all that stuff but this being unable to go to those 4 sites several times per week has been consistent.

    It's more of a pain in the neck than anything.... and yet I haven't read about anything even similar to this in any of these forums.

    Thanks for the help so far. :)

    DAVID
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html


    what conmcerns me is that 98 doesn't have a C:\WINDOWS\system32 folder, that only comes in Win2000/xp and upwards

    can you go to C:\WINDOWS\system32 using windows explorer and see if there are any other files in the folder, if so how many and what are they called

    it definitely looks like a nasty masquerading as a windows file
    also go to c:\windows\hosts open it in notepad and see what entrries are in it, copy and paste that foile to the forum if it has any entries at all
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    and are you using aol as a dsl provider if not then fix
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  6. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    891
    Thanks DEREK for your help. Made the reccomended changes concerning hijack this log. Please view the attached jpg. which shows the system32 folder contents. I looked in the subfolder DRIVERS and there were a bunch in there.

    BTW... I tried to find a C/windows HOSTS folder but could NOT find any such folder. I wonder if this HOSTS folder is located somewhere else.

    Same thing happened a little while ago to me.... I was unable to visit this site..... either by clicking on a favorite or typing it in manually.

    The ONLY way I was able to get in here is by REPAIRING INTERNET EXPLORER. This time I only had to do it once, where as many times it takes two or three shots. Makes no sense to me why this keeps happening.

    Thanks again :)

    DAVID
     

    Attached Files:

  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    david

    please send me a copy of your system32 folder and everything inside of it, including the drivers folder and all it's contents so I can get it analysed and see what is causing the problem

    I suspect the whole system32 folder is a trojan/spyware folder

    send to [email protected]
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    OK david

    delete the entire system32 folder, it contains a hijacker that is causing your problems.

    If it won't let you del;ete it in one go then delete the files one at a time and the the drivers folder inside there then the folders them selves. They are not genuine windows folders but nasties

    there is no system32 folder in 98 or me
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    Also empty your temprary internet files and any temp folders

    search for temp and in any temp folder select all the files and delete them. I think this has made copies of itself inside the c:\windows\temp folder and will reinstate if not removed
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    this is how it got in
    http://www.malware.com/

    a hole that was plugged supposedly by M$ in several updates over the l;ast couple of years, so I would strongly advise you to make sure you go to windows update and get as many security patches as are available still for 98
     
  11. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    891
    Thanks for all of your help Derek. Well, after following all of your suggestions, deleting the System32 folder and all its' contents, deleting all TIFs and going and downloading all critical updates I am STILL having the problem.

    It took me 3 shots this time to get in here. I REPAIRED Internet Explorer 3 times in a row, followed by reboots and finally I am able to get in here.

    It's just these sites. TECH SUPPORT GUY FORUMS, GOOGLE, WEB-ATTACK and CBS Sportsline. There MAY be others, but these are the sites I visit most.

    I just don't know how a problem could be so site specific. WHY just these four sites? If I cannot get into one..... I cannot get into the others.

    What does REPAIRING Internet Explorer do anyway? From a technical standpoint, what are you actually doing? And, although it will fix the problem, it's usually only temporary.

    Has anyone heard of anything like this before?

    Thanks again

    DAVID
     
  12. vashonite

    vashonite

    Joined:
    Nov 3, 2003
    Messages:
    18
    Had a similar situation a couple of years ago. Similar in that I could only access part of the internet. Turned out that my isp had a new guy on the block taking care of some of their equipment and he had mis set some settings on a server to filter some domains. Drove myself and a bunch of the other folks in our area nuts trying to figure out what was going on since the isp kept telling us it was something we were doing -- Do you know if anyone else on your isp is having the same problem? Eventually the isp fixed their end of the problem, but in the meantime we found a work around that involved downloading and installing a vpn client. Don't know for sure why that worked, but some of the guys figured that it reset some settings on our computers. Good luck!
     
  13. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    891
    I do not feel that it is related to the ISP (NetZero) because I have had a laptop and another desktop on at the same time this is happening and they both work fine.

    Whatever in the world is causing this.... REPARING Internet Explorer somehow fixes it, albeit usually only temporary.

    This is such a pain, especially since I have dial-up.

    I wonder if I have the most recent version of IE 6? View the attached jpg. for version info.

    It just makes no sense to me. I guess I'll just see if anyone else has this problem.

    Thanks again :)

    DAVID
     

    Attached Files:

  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    Dave

    it sounds like there is a hosts file problem

    do a search for hosts and when you find it open it in notepad and see if any entries relate to the problem sites

    Note: hosts files are normally hidden files so make sure that you have all files set to show by opening explorer /tools/folder options/view and make sure that show hidden files & folders is ticked and hide protected operating system files is UNticked

    and when you search use the option to search hidden & system files

    you should find the hosts file in c:\windows in 98
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,674
    First Name:
    Derek
    I've found out this hijacker is a form of CWS

    so Run CWshredder from
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection

    see if that cures the problem
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/177642

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice